Why?
More than ever, it seems as if the whole world is wondering what the future will bring in the next six months. Predictions are all over the map for the rest of the year in virtually every area of life.
While the focus on U.S. elections has never been hotter, other topics ranging from the police protests to an economic recovery to the likelihood of a COVID-19 vaccine were not even on the agenda back in December when most 2020 forecasts were released.
Simply stated, the global coronavirus pandemic has caused a major reset in most areas of life.
Going Back to the Future with Cybersecurity
But backing up a bit, what was said about the future of cybersecurity in December 2019? My annual report containing the top 20 security industry predictions for 2020 included an abundance of cybertrends, forecasts and threats from the top security vendors — ranked in order.
Here’s a brief excerpt from that annual "Lohrmann on Cybersecurity" industry round-up of trends:
“Common prediction themes across vendors include the 2020 elections in the U.S., more targeted ransomware, more ways to attack the cloud, and an explosion of problems with deepfake technology.
There’s disagreement on the most important cyberthreats to focus on as we head into 2020, even though everyone agrees that cybersecurity is more important than ever before. Just as in 2019, we have the continuation of arguments for and against AI (i.e., how helpful is AI really and will our enemies use it or not?). Also, the continued disagreement on whether cloud versus mobile threats are more of a challenge.”
Not surprisingly, since COVID-19 response was on no one’s prediction list, cyberthreat predictions for topics like working from home (WFH) were not at the top of any list either. (Note: Some will rightly say they predicted more mobile security threats, but not in our current pandemic context.)
If you want to take a deeper dive (or keep score) regarding who said what when we began the year, I urge you to watch this free BrightTALK webinar from January covering the prediction report for a recap on top predictions.
Of course, one important exception remains, which almost everyone agreed upon. The immense stakes involved in the 2020 U.S. presidential election — along with the security implications, will dominate all discussions in the second half of 2020.
But with the future seeming more uncertain than ever, we decided to go back and ask our top vendors in annual security prediction report to provide input into any changes in their outlook regarding cybersecurity.
We asked: “What’s hot and getting hotter in cybersecurity? Are you (as industry leaders) revising your earlier predictions because of our global pandemic?”
Trend Micro Mid-Year Prediction Review Through the Lens of COVID-19
First up, here was the input we received from Greg Young, vice president of cybersecurity for Trend Micro.
Trend Micro's top-rated 2020 Predictions Report was released in November 2019, so it was just before the events shaped by COVID-19 began. How have these predictions changed? Interestingly, none have been sidelined, but some have accelerated. Here are three predictions revisited through the lens of the global events of the last few months.
"Serverless platforms will introduce an attack surface for misconfiguration and vulnerable code.” This one is accelerating, but by an indirect means due to COVID-19 — IT staff have suddenly had time for reflection and planning. In fact, our data shows that besides an increased appetite for strategic content, there has been a significant increase in demand for longer-form content. Serverless was on the table already, but planning seems to be accelerated. At the same time, new business app planning and implementation has been accelerated. Together this means new apps on new foundations, and that means more new code with the expected vulnerabilities and more opportunity for misconfiguration. What wasn't expressed overtly in the prediction was that serverless breaks a lot of the current security architectures based on traditional workload models. We're starting to see discussions on serverless security architectures like we did a few years back when containers were on the whiteboard, but I'm discouraged that there isn't enough of it.
"Remote Desktop Protocol (RDP) will be abused to compromise vulnerable systems." This one has accelerated greatly, and all due to COVID-19 impacts. With the rush to teleworking for large numbers of employees, more use of RDP happened quickly. Too often we saw ad-hoc rollouts of remote connections, with weak identity and access management (IAM) and no two-factor authentication. The bad guys jumped on this with simple brute force login attacks on RDP, and they were rewarded. Too often companies get hung up on the 'information in transit' aspect of VPNs, and stumble on the IAM part. Attackers rarely try and brute force a connection, when they can brute force the credentials and get everything inside future tunnels. I predict that by the end of the first half of 2020 we will have seen a 5x increase in RDP brute force attacks globally over the same period in 2019.
"Home offices and other remote-working setups will redefine supply chain attacks." Saving the most-impacted for last, this is clearly the prediction most accelerated by COVID-19. All organizations, including those that had controversially been repatriating teleworkers suddenly had to go officeless, or nearly officeless. There's been a lot written on this topic already but the bottom line is that a large percentage of the teleworkers deployed during the last few months didn't have the security protections, including training, they needed. Many support organizations let the standards for password resets soften, web connections weren't protected from home as they were from the office, home routers remained squishy, and shared PCs in the home became a better malware vector. Endpoints and email remain the two most common factors in attacks, and both became more vulnerable with less secure teleworkers.
FireEye Prediction Updates for Second Half of 2020
FireEye’s 2020 Prediction Report released last year was titled, The Road Ahead: Cyber Security in 2020 and Beyond, and this impressive (ranked No. 2) report addresses these topics:
- How increasing use of the cloud continues to change security
- The skills gap and thinking outside the box when it comes to staffing
- Threats such as ransomware and weak spots such as supply chain
- Cyber activity during the upcoming U.S. elections
- How organizations and vendors need to start thinking about security
- The emerging role of the general counsel
- The continued evolution of information operations
- Geopolitics as a driver of cyberactivity
- Increasingly sophisticated cybercriminal operations
To summarize, she basically says that the same threat actors are out there as were before COVID but as we see with other large sweeping events, they are taking advantage of people’s fear and uncertainty using COVID-19 as a theme to their efforts. The real dangers can come from people getting too focused on COVID-19 themed attacks to where the larger threats can successfully infiltrate. Organizations may be letting their guard down so to speak.
Here’s a brief excerpt from Sandra’s blog:
The significant shifts in the threat landscape we are currently tracking include:
- The sudden major increase in a remote workforce has changed the nature and vulnerability of enterprise networks.
- Threat actors are now leveraging COVID-19 and related topics in social engineering ploys.
- We anticipate increased collection by cyber espionage actors seeking to gather intelligence on the crisis.
- Healthcare operations, related manufacturing, logistics, and administration organizations, as well as government offices involved in responding to the crisis are increasingly critical and vulnerable to disruptive attacks such as ransomware.
- Information operations actors have seized on the crisis to promote narratives primarily to domestic or near-abroad audiences.
Black Hat's survey, Cyber Threats in Turbulent Times, describes how the COVID-19 pandemic will have a huge impact on the information security industry in the second half of 2020.
- Nearly 95% of security professionals believe that the COVID-19 crisis increases the cyber threat to enterprise systems and data, with 24% saying the increased threat is critical and imminent.
- Over 70% said they are worried that quarantined workers might break policy and expose enterprise systems and data to new risks.
- 66% expressed concerns about the vulnerability of the systems and networks used by quarantined workers.
- 64% fear a likely increase of attacks by adversaries seeking to take advantage of the crisis.
- More than 80% of security professionals believe that the crisis will create significant changes in operations methods.
- 15% believing that cyber operations and threat flow will return to normal after the COVID-19 crisis passes.
Here are a few positive forecasts (with many more details at the links):
- A boon to virtual reality.
- The rise of telemedicine.
- A healthier digital lifestyle.
- Regulatory barriers to online tools will fall.
- The personal becomes dangerous. “Instead of asking, “Is there a reason to do this online?” we’ll be asking, “Is there any good reason to do this in person?” — and might need to be reminded and convinced that there is. …”
This video offers some other positive tech trends as an outcome from the pandemic:
A Coming Cyber Pandemic?
Others are predicting a “cyber pandemic” (similar to a “Cyber Pearl Harbor” or a “Cyber 9/11”) is coming soon, as I wrote about in a recent blog post here.
This is a definite change in focus from cyber prediction reports released before the pandemic with this new name given to a crippling cyberattack — given our new global pandemic circumstances. Expect to see more of the term "cyber pandemic" used alongside the other two memorable (but bad) days in U.S. history.
And these dire predictions are being offered in the mainstream news media, with The Herald in Scotland writing about the threat, and linking it to recent cyberattacks on Australia.
Cyber Defense Magazine offers these post-COVID-19 cybersecurity predictions, including: “More remote employees will mean more insider threats.”
Healthcare IT News discusses several new cyberthreats that will last beyond the pandemic.
And many articles are now being written about election cyberthreats, and I listed those numerous sources (so far) and actions by groups in my recent blog.
Final Thoughts
Many experts believe that COVID-19 has accelerated business and government digital transformation projects, by up to five years in some cases, with more and more business transactions being performed online.
But others go even further, and say the pandemic will bring about positive changes to the global cybersecurity landscape. “The ‘silver lining’ of the pandemic is the way it is catalyzing changes in cybersecurity,” according to Phil Quade, chief information security officer at Fortinet.
I am not as sure as Mr. Quade about the coming positive impact of the pandemic on the security industry, but no doubt real changes are happening and some funding for working from home initiatives is occurring now. It remains to be seen if these trends will be an overall positive force or not. My sense is that we have a very mixed picture.
But one thing I do know, most of these cyber issues (and new predictions) will continue to be with us when we publish the top 21 security predictions for 2021 in this upcoming December.
And hopefully we’ll be near the end of this COVID-19 pandemic, with vaccines and better treatments available, offering us a light at the end of this dark pandemic tunnel.